7229 matches found
CVE-2025-54924
CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint...
CVE-2025-54925
CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious URL...
CVE-2025-54925
Schneider Electric EcoStruxure Power Monitoring Expert is affected by a Server-Side Request Forgery (SSRF) in the ExportDataAsXML path. The vulnerability allows remote attackers to disclose sensitive data by configuring the application to access a malicious URL; exploit described as requiring no ...
CVE-2025-54925
CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious URL...
CVE-2025-54924
The CVE-2025-54924 entry concerns Schneider Electric EcoStruxure Power Monitoring Expert. An SSRF flaw in the GetPagesAsImages function allows remote attackers to disclose sensitive information. Unauthenticated exploitation is implied by ZDI notes; no published patch/version is specified in the pr...
CVE-2025-54924
CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint...
CVE-2025-54924
CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in WebhookUtil.java. An attacker can access or manipulate internal server resources by sending crafted requests that are processed by the server. Remediation: Upgrade org.apache.eventmesh:eventmesh-runtim...
GHSA-HF86-8X8V-H7VC Apache EventMesh Vulnerable to Server-Side Request Forgery in WebhookUtil.java
Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker to abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch, which fixes th...
CVE-2024-39954
CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker to abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch, which...
CVE-2024-39954
CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker to abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch, which...
CVE-2025-5260
Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Server Side Request Forgery. This issue affects Pik Online: before 3.1.5...
CVE-2024-39954
CVE-2024-39954 refers to a Server-Side Request Forgery (SSRF) in the Apache EventMesh project, specifically in the eventmesh-runtime module’s WebhookUtil.java. The vulnerability affects the WebhookUtil.java functionality that could allow an attacker to read or modify internal resources on affecte...
CVE-2024-39954 Apache EventMesh Runtime: SSRF
CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker to abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch, which...
CVE-2025-5260 SSRF in PozitifIK's Pik Online
Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Server Side Request Forgery. This issue affects Pik Online: before 3.1.5...
WordPress rajce plugin <= 0.4.2 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Nabil Irawan (Patchstack Alliance) in WordPress Plugin rajce versions <= 0.4.2...
WordPress B Slider plugin server-side request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress B Slider plugin suffers from a server-side request forgery vulnerability that stems from the fsapirequest function not implementing an adequate validation mechanis...
Schneider Electric EcoStruxure Power Monitoring Expert and EcoStruxure Power Operation Advanced Reporting and Dashboards Module code issue vulnerability
Schneider Electric EcoStruxure Power Monitoring Expert and EcoStruxure Power Operation Advanced Reporting and Dashboards Module are products of Schneider Electric, France. Schneider Electric EcoStruxure Power Monitoring Expert is a device for power distribution monitoring in IoT...
Schneider Electric EcoStruxure Power Monitoring Expert and EcoStruxure Power Operation Advanced Reporting and Dashboards Module code issue vulnerability
Schneider Electric EcoStruxure Power Monitoring Expert and EcoStruxure Power Operation Advanced Reporting and Dashboards Module are products of Schneider Electric, France. Schneider Electric EcoStruxure Power Monitoring Expert is a device for power distribution monitoring in IoT...
PT-2025-34179
Name of the Vulnerable Software and Affected Versions: nbconvert versions up to and including 7.16.6. Description: The nbconvert tool, used for converting Jupyter notebooks to various formats, has an issue on Windows systems. Converting a notebook with SVG output to PDF can lead to unauthorized code...